Was testing things and ran into autofill errors with KeePassXC. Looks like the Firefox plugin manages to pass the full length of the password, even if the input field is limited to a lower number of chars. Manually pasting the password truncates it, though.
I had a problem once logging in at my insurance website. A simple copy paste from KeePass, but it said wrong password, it didn’t make sense to me. Until I tried to only copy 8 characters into the PW field and it worked :/
But 60 seems reasonable long.
It is reasonable, but I can’t shake off this dislike towards such arbitrary feeling limits. I know some algorithms have issues with certain lengths, but why bother preventing me from logging in? Truncate it at the hashing step and let me move on with my life. Or at least state it beforehand.
The worst offenders are the ones who allow signing up without a limit but the login form starts enforcing it and you can never pass through it.
In this same vein, I used to work as tech support for a bank that had a key fob token rotator for 2fa. The implementation was you put the token in the password field after the password.
The website did not tell you it truncated after 8 characters. There was also no real indicator that the actual activation of the token was the first attempted use after it was received.
Many customers had passwords longer than 8 characters (or so they thought) and tokens that never activated because the longer password resulted in the token being truncated as well.